Computer Hacking Forensic Investigator v1.0 (312-49)

Page:    1 / 36   
Total 537 questions

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?

  • A. forensic duplication of hard drive
  • B. analysis of volatile data
  • C. comparison of MD5 checksums
  • D. review of SIDs in the Registry


Answer : C

Which response organization tracks hoaxes as well as viruses?

  • A. NIPC
  • B. FEDCIRC
  • C. CERT
  • D. CIAC


Answer : D

Which federal computer crime law specifically refers to fraud and related activity in connection with access devices like routers?

  • A. 18 U.S.C. 1029
  • B. 18 U.S.C. 1362
  • C. 18 U.S.C. 2511
  • D. 18 U.S.C. 2703


Answer : A

Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

  • A. the Microsoft Virtual Machine Identifier
  • B. the Personal Application Protocol
  • C. the Globally Unique ID
  • D. the Individual ASCII String


Answer : C

What TCP/UDP port does the toolkit program netstat use?

  • A. Port 7
  • B. Port 15
  • C. Port 23
  • D. Port 69


Answer : B

Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?

  • A. 18 U.S.C. 1029 Possession of Access Devices
  • B. 18 U.S.C. 1030 Fraud and related activity in connection with computers
  • C. 18 U.S.C. 1343 Fraud by wire, radio or television
  • D. 18 U.S.C. 1361 Injury to Government Property
  • E. 18 U.S.C. 1362 Government communication systems
  • F. 18 U.S.C. 1831 Economic Espionage Act
  • G. 18 U.S.C. 1832 Trade Secrets Act


Answer : B

In a FAT32 system, a 123 KB file will use how many sectors?

  • A. 34
  • B. 25
  • C. 11
  • D. 56


Answer : B

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

  • A. The registry
  • B. The swap file
  • C. The recycle bin
  • D. The metadata


Answer : B

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

  • A. a write-blocker
  • B. a protocol analyzer
  • C. a firewall
  • D. a disk editor


Answer : A

How many sectors will a 125 KB file use in a FAT32 file system?

  • A. 32
  • B. 16
  • C. 256
  • D. 25


Answer : C

You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?

  • A. 70 years
  • B. the life of the author
  • C. the life of the author plus 70 years
  • D. copyrights last forever


Answer : C

When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?

  • A. on the individual computer's ARP cache
  • B. in the Web Server log files
  • C. in the DHCP Server log files
  • D. there is no way to determine the specific IP address


Answer : C

Bob has been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the
System for a period of three weeks. However, law enforcement agencies were recoding his every activity and this was later presented as evidence.
The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?

  • A. A Honeypot that traps hackers
  • B. A system Using Trojaned commands
  • C. An environment set up after the user logs in
  • D. An environment set up before a user logs in


Answer : A

To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software?

  • A. Computer Forensics Tools and Validation Committee (CFTVC)
  • B. Association of Computer Forensics Software Manufactures (ACFSM)
  • C. National Institute of Standards and Technology (NIST)
  • D. Society for Valid Forensics Tools and Testing (SVFTT)


Answer : C

With Regard to using an Antivirus scanner during a computer forensics investigation, You should:

  • A. Scan the suspect hard drive before beginning an investigation
  • B. Never run a scan on your forensics workstation because it could change your systems configuration
  • C. Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
  • D. Scan your Forensics workstation before beginning an investigation


Answer : D

Page:    1 / 36   
Total 537 questions